Vulnerabilities > CVE-2014-1408 - Credentials Management vulnerability in Conceptronic C54Apm and C54Apm Firmware

CVSS 7.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

NONE

Availability impact

NONE

network

low complexity

conceptronic

CWE-255

NVD

Published: 2014-01-10

Updated: 2014-05-05

Summary

The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as demonstrated by stored XSS attacks.

Vulnerable Configurations

Part	Description	Count
OS	Conceptronic Conceptronic C54Apm Firmware 1.26	1
Hardware	Conceptronic Conceptronic C54Apm V2	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf
http://download.conceptronic.net/manuals/C04-058_C54APM_v2.0_Quick_Guide_ML.pdf